Email, Configuring Authenticated Email using a vendor DKIM record

This KB provides the steps necessary to set up custom domain authentication for 3rd party and cloud applications

Setting up Custom Domain Authentication: DKIM and SPF (using SendGrid)

This KB provides the steps necessary to set up custom domain authentication for areas on campus that use SendGrid for some of their emailing needs.

To improve deliverability of emails sent by SendGrid SPF and DKIM have to be configured. In this article, you'll learn how to set up DKIM and add SendGrid to your SPF record. 

Before You Start

Here are some things to know before you begin this process.

When you set up an authenticated domain, you will be given the option of using automated or manual security. When you select automated security, SendGrid will manage your DKIM and SPF records for you. This means that whenever you make a change to your account that could impact your deliverability, such as adding a new dedicated sending IP address, SendGrid will automatically update your DNS settings and your DKIM signature.

Custom Authentication:

To set up domain authentication, you must submit the DNS records provided by SendGrid to your DNS or your domain record with the campus host manager. The CNAME record creates an alias for and points to This will be what your messages are signed by, so your recipients will be able to see what you have chosen for your CNAME. You set up the CNAME files that SendGrid provides with your DNS host. 

Here's a brief overview of the process.


In SendGrid

In Your Domain Record

or Zone Editor

  • Verify your domain.

In the SendGrid UI, select Settings > Sender Authentication.

In the domain authentication section, add in information about your DNS host, and indicate whether you also want to set up link branding. For more information about link branding, check What is link branding?.

Fill in the domain that you want to send from ( or For more information about advanced settings, see Advanced settings.

Next, you need to add all of the CNAME records in the next column to your DNS host. This process varies depending on your DNS host.


Example DKIM Record: Automated Security ON | CNAME | | CNAME | | CNAME | 

For help with this:

If you do not want to use a subdomain, contact

Update your SPF record to allow Sendgrid to send emails on your behalf.

For help with this:

DONE - Create a TXT record for with this value: v=spf1 ~all

NOTE:  if you intend to send email ‘as’, we cannot add additional include statements to the campus SPF record.  This will require that the vendor use their own domain in the ‘mail from’ address of messages, while using ‘’ in the ‘header from’, using the DKIM signature coordinated with Technology Services in the prior step.



Keywords:email, DKIM, SPF, DMARC, fraud defense, mailchimp, emma   Doc ID:93389
Owner:Email Relays E.Group:University of Illinois Technology Services
Created:2019-07-25 15:34 CSTUpdated:2020-09-21 07:01 CST
Sites:University of Illinois Technology Services
Feedback:  0   0